search
Active Boosts

57028 sc insight wrong amount variable in repay event

Submitted on Oct 22nd 2025 at 19:37:09 UTC by @Anirruth for Audit Comp | Alchemix V3arrow-up-right

  • Report ID: #57028

  • Report Type: Smart Contract

  • Report severity: Insight

  • Target: https://github.com/alchemix-finance/v3-poc/blob/immunefi_audit/src/AlchemistV3.sol

  • Impacts:

hashtag
Description

hashtag
Brief/Intro

The event emitted for repay function is wrong.

hashtag
Vulnerability Details

The event emitted when a user calls repay function is the following:

emit Repay(msg.sender, amount, recipientTokenId, creditToYield);

The following is the event Repay:

/// @notice Emitted when `amount` of `underlyingToken` are repaid to grant credit to account owned by `recipientId`.
    ///
    /// @param sender          The address which is repaying tokens.
    /// @param amount          The amount of the underlying token that was used to repay debt.
    /// @param recipientId     The id of account that received credit for the repaid tokens.
    /// @param credit          The amount of debt that was paid-off to the account owned by owner.
    event Repay(address indexed sender, uint256 amount, uint256 indexed recipientId, uint256 credit);

https://github.com/alchemix-finance/v3-poc/blob/immunefi_audit/src/AlchemistV3.sol?utm_source=immunefi#L517-L519

In the repay function, when emitting the event, in the amount column its supposed to be the credit/creditToYeild variable which gets reduced and not the inputted amount variable, Since the amount variable gets converted or reduced according to the debt and the credit/creditToYield variable is the one which gets subtracted from user. Therefore the variable to be used either the credit or the creditToYield variable. Similar to the burn function : https://github.com/alchemix-finance/v3-poc/blob/immunefi_audit/src/AlchemistV3.sol?utm_source=immunefi#L492

hashtag
Impact Details

Wrong amount in the event is emitted.

hashtag
References

https://github.com/alchemix-finance/v3-poc/blob/immunefi_audit/src/AlchemistV3.sol?utm_source=immunefi#L543

hashtag
Proof of Concept

hashtag
Proof of Concept

Not required for insights.

Previous57369 sc high deallocation may revert due to an underflowNext57331 sc medium conditional eth wrapping logic causes withdrawal dos in moonwellweth and stargateeth strategies

Was this helpful?